Hackers offering tech support for malware they installed

In a bold move some hackers are offering tech support and customer service for removing malware from their victims’ computers, according to research by Kaspersky Lab.

The discovery showed a number of criminal syndicates offering e-mail, live chat, and telephone support for removing malware that these same syndicates installed. In many cases the advice offered does not remove the malware, but actually tricks the user into installing more.

Some of the operations are so advanced that they appear like genuine security services. Fake anti-malware software, called scareware, is advertised and installed, warning of infections that may or may not even exist. To solve the non-existant problem a 24/7 fully-manned switchboard with multi-language support is offered. Some even offer refunds to unsatisfied “customers”.

These services can trick users into opening doors into their computer that were not previously opened, all in a supposed effort to tackle malware that has yet to be installed. Users may fnd themselves paying for tech support while a keylogger for their bank account is being installed to drain the remaining funds.

Kaspersky discovered that digital certificates are no longer an effective means of identifying genuine and non-genuine software, as genuine or counterfeit certificates can be stolen or created and added into fake software. Kaspersky found that Windows does not actually alert a user to a bad certificate, meaning it can go undetected on most machines.

In a time when more users are aware of malware threats, hackers are changing their strategy to take advantage of security concerns. Genuine security software companies may find that they are competing against other companies which seem to be “in the know” as far as malware threats are concerned – and scared computer users are walking straight into the trap.

They may have hacked your computer and installed malware, but at least they offer damn good technical support afterwards, then after that, and after that again.